Blog of the Spikes app developers

Azure AD provider for Horizon

Intro

We’re employing 2 interns this year at Spikes. They are developing an application for internal use and are learning new technologies to accomplish that goal. One of those is Horizon.

Horizon offers multiple OAuth providers out of the box, such as Auth0, GitHub, Facebook, Google, … We would like to use Azure AD in this project, and as the interns already have enough on their plate, we decided to implement this part for them.

Creating the provider

Having a close look at the already implemented providers, it wasn’t that hard to figure out the mechanics used for the others. Most of them had a similar implementation, except for the Twitter one.

I focused on the standard implementations which all implement 3 specific calls:

1. Acquire an authorization code

2. Use the acquired authorization code to request an access token

3. Acquire user information based on the access token

Microsoft has pretty good documentation for parts 1 and 2, which you can find here.

Part 3, however, was another story. Apparently, the userinfo endpoint on Azure requires a non-standard access token. This token can be acquired by requesting an authorization code and access token without mentioning a resource. (source)

Looking more closely at the information that Horizon needs from the user, we decided to just decode the acquired access token.
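A sketch of what decoding the access token for step 3 can look like, as an added example that is not the provider's actual code or part of Horizon. The function names are hypothetical, the sample token is constructed, and it assumes the token carries the Azure AD claims `oid`, `name`, `upn`, `tid` and `exp`. Decoding does not verify the signature, so this is only reasonable for a token the server itself received from the token endpoint over TLS in step 2, never for one supplied by the browser.

```javascript
// Added example: helper names are hypothetical, sample data is constructed.

// Decode one base64url-encoded JWT segment into an object.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Split a compact JWT and return its payload. The signature is NOT verified.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || parts.some((p) => !/^[A-Za-z0-9_-]+$/.test(p))) {
    throw new Error('not a compact JWT');
  }
  return decodeSegment(parts[1]);
}

// Map claims to a user record; reject expired or foreign-tenant tokens.
function userFromAccessToken(token, expectedTenant, nowSeconds) {
  const now = nowSeconds === undefined ? Math.floor(Date.now() / 1000) : nowSeconds;
  const claims = decodeJwtPayload(token);
  if (typeof claims.exp !== 'number' || claims.exp <= now) {
    throw new Error('token expired');
  }
  if (claims.tid !== expectedTenant) throw new Error('unexpected tenant');
  if (!claims.oid) throw new Error('missing oid claim');
  return { id: claims.oid, name: claims.name, upn: claims.upn };
}

// Build a constructed sample token (fake signature) so the example runs offline.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'c2lnbmF0dXJl'].join('.');
}

const SAMPLE_TENANT = '00000000-0000-0000-0000-000000000001'; // constructed
const sampleToken = makeSampleToken({
  oid: '11111111-1111-1111-1111-111111111111',
  name: 'Sample User',
  upn: 'sample.user@example.com',
  tid: SAMPLE_TENANT,
  exp: 4102444800, // 2100-01-01T00:00:00Z
});
console.log(userFromAccessToken(sampleToken, SAMPLE_TENANT));
```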